Obamacare Website Source Code: 'No Reasonable Expectation of Privacy'

Jeryl Bier

October 14, 2013 12:29 PM

The launch of federal government's Obamacare insurance exchange, Healthcare.gov, has been plagued with delays, errors, and poor website design, even prompting USA Today to call it an "inexcusable mess" and a "nightmare". Now comes another example of why the website's reputation is in tatters. Buried in the source code of Healthcare.gov is this sentence that could prove embarrassing: "You have no reasonable expectation of privacy regarding any communication or data transiting or stored on this information system." Though not visible to users and obviously not intended as part of the terms and conditions, the language is nevertheless a part of the underlying code for the "Terms & Conditions" page on the site.

After creating an account on Healthcare.gov, users are asked to click an "I accept" button under some routine Terms & Conditions prohibiting unauthorized attempts to upload information or change the website. Once users click the button, they may proceed to shop for insurance and enter detailed personal information. However, when the Terms & Conditions page is visible, the hidden sentence mentioned above along with several others can be seen by using a web browser's "View Source" feature. A screen grab below shows the visible Terms & Conditions page along with a simultaneous view of the code underlying it:

The full portion of the code which does not appear on the visible page displayed for users reads as follows:

You have no reasonable expectation of privacy regarding any communication or data transiting or stored on this information system. At any time, and for any lawful Government purpose, the government may monitor, intercept, and search and seize any communication or data transiting or stored on this information system. Any communication or data transiting or stored on this information system may be disclosed or used for any lawful Government purpose. [The sentence beginning "To continue" also appears again, but is only visible once on the page as displayed for users.]

It is unclear why these sentences appear in the code at all since they are not displayed, although the code may simply have been copied from another website that does use the full warning. In this case, the unwanted portion of the warning was rendered inert with HTML coding tags ("<!--" and "-->") usually used by programmers for inserting comments to explain the purpose of a section of code. However, the code can be rendered "live" again by simply removing those tags, in which case the full text would appear on the screen to users. However, it is unclear why the paragraph containing "no reasonable expectation of privacy" would ever have even been considered appropriate in this context.

The phrase "no reasonable expectation of privacy" is actually a stock phrase used in the terms and conditions of many government websites and information systems, but those who are entering personal, medical and financial information at Healthcare.gov may not find that fact reassuring. An email sent on Thursday, October 10, requesting comment from Department of Health and Human Services, the agency responsible for the website, has not yet been returned.